Research On Intrusion Detection System Based On SVM

With the rapid development and wide application of network technologies, network security is becoming more and more important. It is a very urgent problem in intrusion detection system that how to recognize existing attacks and increasingly new attacks rapidly, exactly and effectively. Compared to traditional intrusion detection technologies, pattern recognition technology yielded encouraging effects on intrusion detection system based on machince learning.The generalization of pattern recognition can make IDS to recognize new or unknown attacks and classification capability of classifier can improve accuracy of intrusion detection. As built on structural risk minimization and VC dimension theory of Statistical Learning, SVM is not easy to be run into local optimum and conquers curse of Dimensionality handily. And that holds special advantages on intrusion classification problem which has small samples and high dimension. Otherwise, network protocol analysis can also improve accuracy and speed of intrusion detection. In this thesis, we present an intrusion detection model based on SVM using network protocol and feature analysis.In order to construct a model to fit for the actual internet environment, the following key issues are studied in this thesis:1. Classifier SelcetionAt the beginning of thesis, using SVM in intrusion detection system is a fresh problem. So we compare the performance of Neuro network with SVM and experiments results validate that it is feasibile using SVM in intrusion detection system.2. Feature selectionFeature selection can improve the SVM classification speed which has important meaning for IDS walking up to practicality. So it needs to keep the number of features as small as possible in line with our desire to design classifiers with good generalization capabilities, which called feature selection.Using feature selection method to simplify SVM classifier, more pertinent subclassifiers are built in the theisis.3. Multiple Classifiers Combination StrategyIn the thesis, we design classifiers based on different feature subspace which has different meaning and roles. So the fuzzy integral strategy is adopted to combine multiple classifers. Then we propose a method for computing fuzzy density when samples are asymmetric distributing and compare experiment results with other method.4. Application Study of Protocol Analysis in Intrusion DetectionIn the thesis,we reserch on application study of protocol analysis in intrusion detctiong, and experiments results validate that it is feasibile using protocol analysis in intrusion detection system.5. Application study of Incremental Learning in Intrusion DetectionIn fact, intrusion action emerges in endlessly and defines perfect training data set barely.As an attack is recognized, a new attack appears, IDS should have better flexibility, self-learning and robustness, which need incremental learning. While intrusion detection classifers are constructed based on SVM, the incremental learning method is used, which can improve learning accuracy of intrusion detection system as training samples step up, and experiment results show this in the thesis.